[pfSense] Soekris 5501 + SATA drive issues

2011-12-21 Thread Erik Anderson
I'm at a loss here -

My shiny new 5501 arrived today, along with the SATA mounting kit and
a small SSD drive. Knowing that the 5501 doesn't support USB boot, I
connected the SSD to another system, and installed 2.0.1 to it using
the memstick image. I chose the embedded kernel.

After connecting the SSD to the 5501, the bootloader started just
fine, and it loaded the kernel, but failed when trying to mount the
root partition.

A full transcript of the boot process is here:

http://pastebin.me/82c3fe0bb271a67bf86d5a0d0f0e89f9

You can see on line 161 that the SSD was detected as device ad1, and
the system was trying to mount root from /dev/ad4s1a. Problem.

So, at the mountroot> prompt, I assumed I could just type
"ufs:/dev/ad1s1a". That didn't work, and gave the same error message.

From the loader prompt, here's the device list:

OK lsdev
cd devices:
disk devices:
disk0:   BIOS drive C:
disk0s1a: FFS
disk0s1b: swap
pxe devices:
zfs devices:

Any pointers?

Thank you!
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] be aware, reverse squid install will break your forward squid.

2011-12-21 Thread Fuchs, Martin
I have it working this way here ;-)
Good luck,
Martin

On 21.12.2011 at 20:18, "greg whynott" <greg.whyn...@gmail.com> wrote:

 if i install squid-reverse i get both forward and reverse which are both 
usable(?),  that's great news!

i'll set it up in a vm and test first this time,  don't need anymore hand 
slappers today.  8)

thanks Martin,
-g




On Wed, Dec 21, 2011 at 1:43 PM, Fuchs, Martin 
<martin.fu...@trendchiller.com> wrote:
Well, the squid-reverse package supports both ;-)
It’s a fully featured squid2 WITH reverse ;-)
And Exchange-assistant ;-)

Regards,

martin

From: list-boun...@lists.pfsense.org 
[mailto:list-boun...@lists.pfsense.org] 
On behalf of greg whynott
Sent: Wednesday, 21 December 2011 19:11
To: pfSense support and discussion
Subject: Re: [pfSense] be aware, reverse squid install will break your forward 
squid.


On Wed, Dec 21, 2011 at 1:03 PM, Fuchs, Martin 
<martin.fu...@trendchiller.com> wrote:
But why not use squid2 so far ?
Does it lack any features ?

No real reason.  I've been using squid3 elsewhere without issue so thought it 
stable enough to use here which it has been for the last several months.

If the same instance of squid2 allows you to do both forward and reverse,  and 
pfSense supports it,  that would be great.  I'll look into it,  thanks.

Regards, martin


Have a great Christmas holiday,

greg




Re: [pfSense] be aware, reverse squid install will break your forward squid.

2011-12-21 Thread greg whynott
 if i install squid-reverse i get both forward and reverse which are both
usable(?),  that's great news!

i'll set it up in a vm and test first this time,  don't need anymore hand
slappers today.  8)

thanks Martin,
-g




On Wed, Dec 21, 2011 at 1:43 PM, Fuchs, Martin <
martin.fu...@trendchiller.com> wrote:

> Well, the squid-reverse package supports both ;-)
>
> It’s a fully featured squid2 WITH reverse ;-)
>
> And Exchange-assistant ;-)
>
> Regards,
>
> martin
>
> *From:* list-boun...@lists.pfsense.org [mailto:
> list-boun...@lists.pfsense.org] *On behalf of* greg whynott
> *Sent:* Wednesday, 21 December 2011 19:11
> *To:* pfSense support and discussion
> *Subject:* Re: [pfSense] be aware, reverse squid install will break your
> forward squid.
>
> On Wed, Dec 21, 2011 at 1:03 PM, Fuchs, Martin <
> martin.fu...@trendchiller.com> wrote:
>
> But why not use squid2 so far ?
> Does it lack any features ?
>
>
> No real reason.  I've been using squid3 elsewhere without issue so thought
> it stable enough to use here which it has been for the last several months.
>
> If the same instance of squid2 allows you to do both forward and reverse,
> and pfSense supports it,  that would be great.  I'll look into it,  thanks.
> 
>
>
> Regards, martin
>
>
>
> Have a great Christmas holiday,
>
> greg
>  
>


Re: [pfSense] be aware, reverse squid install will break your forward squid.

2011-12-21 Thread Fuchs, Martin
Well, the squid-reverse package supports both ;-)
It’s a fully featured squid2 WITH reverse ;-)
And Exchange-assistant ;-)

Regards,

martin

From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On 
behalf of greg whynott
Sent: Wednesday, 21 December 2011 19:11
To: pfSense support and discussion
Subject: Re: [pfSense] be aware, reverse squid install will break your forward 
squid.


On Wed, Dec 21, 2011 at 1:03 PM, Fuchs, Martin 
<martin.fu...@trendchiller.com> wrote:
But why not use squid2 so far ?
Does it lack any features ?

No real reason.  I've been using squid3 elsewhere without issue so thought it 
stable enough to use here which it has been for the last several months.

If the same instance of squid2 allows you to do both forward and reverse,  and 
pfSense supports it,  that would be great.  I'll look into it,  thanks.

Regards, martin


Have a great Christmas holiday,

greg



Re: [pfSense] be aware, reverse squid install will break your forward squid.

2011-12-21 Thread greg whynott
On Wed, Dec 21, 2011 at 1:03 PM, Fuchs, Martin <
martin.fu...@trendchiller.com> wrote:

> But why not use squid2 so far ?
> Does it lack any features ?
>

No real reason.  I've been using squid3 elsewhere without issue so thought
it stable enough to use here which it has been for the last several months.

If the same instance of squid2 allows you to do both forward and reverse,
and pfSense supports it,  that would be great.  I'll look into it,  thanks.


> Regards, martin
>


Have a great Christmas holiday,

greg


Re: [pfSense] be aware, reverse squid install will break your forward squid.

2011-12-21 Thread Fuchs, Martin
Squid reverse is squid V2 and combines the features of Reverse Proxy with the 
squid package. 
I don't get the newest squid3 built, because of this there's no reverse-edition 
for that until now...
But why not use squid2 so far ?
Does it lack any features ?

Regards, martin

On 21.12.2011 at 18:24, "Jim Pingle" wrote:

> On 12/21/2011 12:18 PM, greg whynott wrote:
>> 
>>That's probably not going to work - I don't think anyone ever
>>intended for two versions of squid to be on one system.
>> 
>> 
>> why wouldn't it,  there is nothing preventing you from having two
>> processes running,  bound to different interfaces.  this is unix,  not
>> windows.
> 
> The package author(s) would have to coordinate something like that to
> make sure they didn't kill each other's dependencies and also to control
> them independently. It is not likely that happened. Especially since the
> Squid3 package still isn't considered 'stable'.
> 
>>Besides, why not just port forward exchange through the firewall -
>>there is no need for squid to do this.
>> 
>> 
>> because it's not what we want to do.  you may not have a need but others
>> do,  which is probably a good indication why the solution was developed.
> 
> What specifically about squid-reverse makes it useful in your scenario?
> Perhaps if you describe your situation in more detail we could recommend
> an alternate solution.
> 
> Jim


Re: [pfSense] be aware, reverse squid install will break your forward squid.

2011-12-21 Thread Jim Pingle
On 12/21/2011 12:18 PM, greg whynott wrote:
> 
> That's probably not going to work - I don't think anyone ever
> intended for two versions of squid to be on one system.
> 
> 
> why wouldn't it,  there is nothing preventing you from having two
> processes running,  bound to different interfaces.  this is unix,  not
> windows.

The package author(s) would have to coordinate something like that to
make sure they didn't kill each other's dependencies and also to control
them independently. It is not likely that happened. Especially since the
Squid3 package still isn't considered 'stable'.

> Besides, why not just port forward exchange through the firewall -
> there is no need for squid to do this.
> 
> 
> because it's not what we want to do.  you may not have a need but others
> do,  which is probably a good indication why the solution was developed.

What specifically about squid-reverse makes it useful in your scenario?
Perhaps if you describe your situation in more detail we could recommend
an alternate solution.

Jim


Re: [pfSense] be aware, reverse squid install will break your forward squid.

2011-12-21 Thread greg whynott
> That's probably not going to work - I don't think anyone ever intended for
> two versions of squid to be on one system.
>

why wouldn't it,  there is nothing preventing you from having two processes
running,  bound to different interfaces.  this is unix,  not windows.



>
> Besides, why not just port forward exchange through the firewall - there
> is no need for squid to do this.
>

because it's not what we want to do.  you may not have a need but others
do,  which is probably a good indication why the solution was developed.

thanks for your useful comments.

greg




>
> Scott
>
>
>


Re: [pfSense] be aware, reverse squid install will break your forward squid.

2011-12-21 Thread Scott Ullrich
On Wed, Dec 21, 2011 at 11:58 AM, greg whynott wrote:

> after re-installing squid3 twice,  we still see this in the logs:
>
> Dec 21 11:34:28 pfw01 php: /pkg_mgr_install.php: Starting Squid
> Dec 21 11:34:28 pfw01 php: /pkg_mgr_install.php: The command
> '/usr/local/sbin/squid' returned exit code '127', the output was
> '/usr/local/sbin/squid: not found'
>
> and sure enough the squid binary is not there..
>
> removing squid3 and reinstalling it fixed things.   It retained the
> previous config too,  which was nice.
>
> now to research how to use both features at once.  shouldn't be an
> issue even if they are different versions,  one is binding to the
> external interface whereas the other is not..
>
> -g
>
>
>
>
>
> On Wed, Dec 21, 2011 at 11:45 AM, greg whynott 
> wrote:
> > I just got burnt installing a package,  which made a lot of people sad
> > for a little while.  thought i'd share, perhaps it'll save someone
> > from doing the same.
> >
> > Been using the squid3 package for some time,  recently we decided to
> > allow external access into our Exchange web mail interface.   I
> > installed the 'squid-reverse' package,  the description claims was
> > designed for this exact requirement. Doing so caused it to break
> > the already installed squid3 which the business is using.   removing
> > the squid-reverse package didn't correct anything,   squid wouldn't
> > restart.   After re-installing squid3 package we still don't have
> > proxy services.
> >
> > I am now in the process of sorting it out,  still.  Thankfully we
> > are using transparent with redirect,  which i turned off till this
> > gets resolved.
>


That's probably not going to work - I don't think anyone ever intended for
two versions of squid to be on one system.

Besides, why not just port forward exchange through the firewall - there is
no need for squid to do this.

Scott


Re: [pfSense] be aware, reverse squid install will break your forward squid.

2011-12-21 Thread greg whynott
after re-installing squid3 twice,  we still see this in the logs:

Dec 21 11:34:28 pfw01 php: /pkg_mgr_install.php: Starting Squid
Dec 21 11:34:28 pfw01 php: /pkg_mgr_install.php: The command
'/usr/local/sbin/squid' returned exit code '127', the output was
'/usr/local/sbin/squid: not found'

and sure enough the squid binary is not there..

removing squid3 and reinstalling it fixed things.   It retained the
previous config too,  which was nice.

now to research how to use both features at once.  shouldn't be an
issue even if they are different versions,  one is binding to the
external interface whereas the other is not..

-g





On Wed, Dec 21, 2011 at 11:45 AM, greg whynott  wrote:
> I just got burnt installing a package,  which made a lot of people sad
> for a little while.  thought i'd share, perhaps it'll save someone
> from doing the same.
>
> Been using the squid3 package for some time,  recently we decided to
> allow external access into our Exchange web mail interface.   I
> installed the 'squid-reverse' package,  the description claims was
> designed for this exact requirement.     Doing so caused it to break
> the already installed squid3 which the business is using.   removing
> the squid-reverse package didn't correct anything,   squid wouldn't
> restart.   After re-installing squid3 package we still don't have
> proxy services.
>
> I am now in the process of sorting it out,  still.    Thankfully we
> are using transparent with redirect,  which i turned off till this
> gets resolved.
>
> -g


[pfSense] be aware, reverse squid install will break your forward squid.

2011-12-21 Thread greg whynott
I just got burnt installing a package,  which made a lot of people sad
for a little while.  thought i'd share, perhaps it'll save someone
from doing the same.

Been using the squid3 package for some time,  recently we decided to
allow external access into our Exchange web mail interface.   I
installed the 'squid-reverse' package,  the description claims was
designed for this exact requirement. Doing so caused it to break
the already installed squid3 which the business is using.   removing
the squid-reverse package didn't correct anything,   squid wouldn't
restart.   After re-installing squid3 package we still don't have
proxy services.

I am now in the process of sorting it out,  still.  Thankfully we
are using transparent with redirect,  which i turned off till this
gets resolved.

-g


Re: [pfSense] anyone running snort?

2011-12-21 Thread Eugen Leitl
On Wed, Dec 21, 2011 at 09:29:37AM -0500, Ian Bowers wrote:

> Sorry to be long winded, but I'm trying to teach a man how to fish!

Right, I've remembered that old fishing net I had laying around. Works now.
Only two rules don't want to load.


Re: [pfSense] anyone running snort?

2011-12-21 Thread Ian Bowers
On Wed, Dec 21, 2011 at 8:41 AM, Eugen Leitl  wrote:

> On Wed, Dec 21, 2011 at 02:38:32PM +0100, Eugen Leitl wrote:
> >
> > I'm getting a
> >
> > Warning: opendir(/usr/local/etc/snort/snort_10053_igb1/rules/): failed
> > to open dir: No such file or directory in
> > /usr/local/www/snort/snort_rulesets.php on line 251 Warning: readdir():
> > supplied argument is not a valid Directory resource in
> > /usr/local/www/snort/snort_rulesets.php on line 252 Warning: sort() expects
> > parameter 1 to be array, null given in
> > /usr/local/www/snort/snort_rulesets.php on line 255 Warning: Invalid
> > argument supplied for foreach() in /usr/local/www/snort/snort_rulesets.php
> > on line 256
> >
> > in the Categories tab the snort package. The package is too old
> > again for snort rules, probably?
>
> Some more warnings/errors from the logs
>
> Dec 21 14:39:46 snort[40843]: WARNING
> /usr/local/etc/snort/snort_10053_igb1/rules/pfsense-voip.rules(1) threshold
> (in rule) is deprecated; use detection_filter instead.
> Dec 21 14:39:46 snort[40843]: WARNING
> /usr/local/etc/snort/snort_10053_igb1/rules/pfsense-voip.rules(1) threshold
> (in rule) is deprecated; use detection_filter instead.
> Dec 21 14:39:46 snort[40843]: FATAL ERROR:
> /usr/local/etc/snort/snort_10053_igb1/rules/snort_attack-responses.rules(32)
> Please enable the HTTP Inspect preprocessor before using the http content
> modifiers
> Dec 21 14:39:46 snort[40843]: FATAL ERROR:
> /usr/local/etc/snort/snort_10053_igb1/rules/snort_attack-responses.rules(32)
> Please enable the HTTP Inspect preprocessor before using the http content
> modifiers
>
> --
> Eugen* Leitl leitl http://leitl.org
> __
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


The first two warnings are just deprecation messages, I don't think you
need to worry about those.  It just indicates a version mismatch between
the stated rules and the running version of snort.  Er more specifically,
it indicates that the rule was written using syntax that is being phased
out.  I get errors like this all the time, partially because I use 3rd
party rulesets, and it's never hampered my operation.  The rule should
still operate appropriately.

The second two I'm less familiar with, but it sounds as simple as enabling
the HTTP inspect preprocessor.  A user addressed this specific error in the
support forums at:  http://forum.pfsense.org/index.php?topic=31597.0 .  The
instructions he gave were:

--
Problem is that you need to enable the HTTP inspect preprocessor. To do
that...

1. Login to pfSense and click on Services / Snort tab
2. Under "Snort Interfaces" click the edit button next to your interface
3. Click on the "Preprocessors" tab
4. Under "HTTP Inspect Settings" section put a checkmark in "Use HTTP
Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies."

It should tell you at the top that the Snort service needs to be restarted,
if it doesn't just go back to the "Snort Interfaces" and click the red stop
button and then the green start button to restart the service.
---

One recommendation I can give, and I totally don't mean this to sound like
I'm waving my finger at you, is to use google.  Take advantage of how
widely deployed snort is.  It's the most deployed IDS out there.  And as is
typically the case with networking, enough so that I use it as a mantra,
"Chances are you're not the first person to have this problem".  Take the
error message and paste it inside quotes, not including anything specific
to your machine (PID numbers, paths, etc).  So like just google with "Please
enable the HTTP Inspect preprocessor before using the http content
modifiers" to make it as specific as possible while still being generic.
 if that makes any sense.   that's how I found that forum post, I think it
was the first or second link.  With millions (I'm making that up but it's
probably true) of snort implementations out there, there are gobs of people
having startup errors.

Sorry to be long winded, but I'm trying to teach a man how to fish!

-Ian
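
The triage described in the reply above (deprecation warnings versus the FATAL ERROR lines, and searching for the message text without PID or paths), as an added Python example that is not part of the original thread. The function and field names are assumptions chosen for illustration; the sample input is the log excerpt quoted in the thread with the e-mail line wrapping undone.

```python
import re
from collections import OrderedDict

# Log lines quoted in the thread, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Dec 21 14:39:46 snort[40843]: WARNING /usr/local/etc/snort/snort_10053_igb1/rules/pfsense-voip.rules(1) threshold (in rule) is deprecated; use detection_filter instead.
Dec 21 14:39:46 snort[40843]: WARNING /usr/local/etc/snort/snort_10053_igb1/rules/pfsense-voip.rules(1) threshold (in rule) is deprecated; use detection_filter instead.
Dec 21 14:39:46 snort[40843]: FATAL ERROR: /usr/local/etc/snort/snort_10053_igb1/rules/snort_attack-responses.rules(32) Please enable the HTTP Inspect preprocessor before using the http content modifiers
Dec 21 14:39:46 snort[40843]: FATAL ERROR: /usr/local/etc/snort/snort_10053_igb1/rules/snort_attack-responses.rules(32) Please enable the HTTP Inspect preprocessor before using the http content modifiers
"""

# timestamp, snort[PID], severity, rule file path, (line number), message
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+snort\[(?P<pid>\d+)\]:\s+"
    r"(?P<sev>WARNING|FATAL ERROR):?\s+"
    r"(?P<path>/\S+?)\((?P<line>\d+)\)\s+(?P<msg>.+)$"
)


def triage(log_text):
    """Collapse repeated snort rule-load messages into unique findings."""
    findings = OrderedDict()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a snort rule-load message
        key = (m["sev"], m["path"], int(m["line"]), m["msg"])
        entry = findings.setdefault(key, {
            "severity": m["sev"],
            # FATAL ERROR makes snort exit; deprecation warnings do not.
            "blocks_startup": m["sev"] == "FATAL ERROR",
            "rule_file": m["path"].rsplit("/", 1)[-1],
            "rule_line": int(m["line"]),
            # Message only: timestamp, PID and local paths are dropped so
            # the quoted string matches other people's reports.
            "search_query": '"%s"' % m["msg"].rstrip("."),
            "count": 0,
        })
        entry["count"] += 1
    # Stable sort: startup-blocking findings first, warnings after.
    return sorted(findings.values(), key=lambda f: not f["blocks_startup"])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tag = "BLOCKS STARTUP" if f["blocks_startup"] else "informational"
        print("[%s] %s line %d (seen %dx)" % (
            tag, f["rule_file"], f["rule_line"], f["count"]))
        print("    search for: %s" % f["search_query"])
```
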


Re: [pfSense] anyone running snort?

2011-12-21 Thread Eugen Leitl
On Wed, Dec 21, 2011 at 02:38:32PM +0100, Eugen Leitl wrote:
> 
> I'm getting a 
> 
> Warning: opendir(/usr/local/etc/snort/snort_10053_igb1/rules/): failed to 
> open dir: No such file or directory in 
> /usr/local/www/snort/snort_rulesets.php on line 251 Warning: readdir(): 
> supplied argument is not a valid Directory resource in 
> /usr/local/www/snort/snort_rulesets.php on line 252 Warning: sort() expects 
> parameter 1 to be array, null given in 
> /usr/local/www/snort/snort_rulesets.php on line 255 Warning: Invalid argument 
> supplied for foreach() in /usr/local/www/snort/snort_rulesets.php on line 256 
> 
> in the Categories tab the snort package. The package is too old
> again for snort rules, probably?

Some more warnings/errors from the logs

Dec 21 14:39:46 snort[40843]: WARNING 
/usr/local/etc/snort/snort_10053_igb1/rules/pfsense-voip.rules(1) threshold (in 
rule) is deprecated; use detection_filter instead.
Dec 21 14:39:46 snort[40843]: WARNING 
/usr/local/etc/snort/snort_10053_igb1/rules/pfsense-voip.rules(1) threshold (in 
rule) is deprecated; use detection_filter instead.
Dec 21 14:39:46 snort[40843]: FATAL ERROR: 
/usr/local/etc/snort/snort_10053_igb1/rules/snort_attack-responses.rules(32) 
Please enable the HTTP Inspect preprocessor before using the http content 
modifiers
Dec 21 14:39:46 snort[40843]: FATAL ERROR: 
/usr/local/etc/snort/snort_10053_igb1/rules/snort_attack-responses.rules(32) 
Please enable the HTTP Inspect preprocessor before using the http content 
modifiers

-- 
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


[pfSense] anyone running snort?

2011-12-21 Thread Eugen Leitl

I'm getting a 

Warning: opendir(/usr/local/etc/snort/snort_10053_igb1/rules/): failed to open 
dir: No such file or directory in /usr/local/www/snort/snort_rulesets.php on 
line 251 Warning: readdir(): supplied argument is not a valid Directory 
resource in /usr/local/www/snort/snort_rulesets.php on line 252 Warning: sort() 
expects parameter 1 to be array, null given in 
/usr/local/www/snort/snort_rulesets.php on line 255 Warning: Invalid argument 
supplied for foreach() in /usr/local/www/snort/snort_rulesets.php on line 256 

in the Categories tab the snort package. The package is too old
again for snort rules, probably?

-- 
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE